How to Prevent Concurrent User Login with Angular + Dotnet core application?

Question

We are working on the applications with frontend angular and backend dotnet core. We have to check during login, whether the same user has already been logged in or not..If yes, then it will intimate user like same User has already been signed in..Whenever I start looking for this solution across internet, I saw options like we can have some flag stored in db during user logged in as 1 , if again the same user tries to log in means it should intimate the second login user.But my doubt is during system failure like suddon powershutdown / session timeout how can we update the log in flag as 0 (ie,we are not able to logout properly during this time right?)

Any help will be appreciated... Thanks in Advance!!

Answer 1

The implementation will be a bit tricky

1. Create a field in login database that stores an uniqueID
2. Create a unique id from angular at the time of login and if user is valid store that unique id in the login database.
3. User will successfully logged in only if uniqueID in database is null. If it has value show a message showing you are already logged in.
4. Store this unique id in Angular so that it is accessible and sent the id with every api call. The uniqueID should be checked in sql server with the login database and if it matches only then data should be served or else redirect to login page in angular
5. In case if a user does not properly logged out provide a link to the registered user email or sent OTP to registered mobile number or provide security question whichever is possible so that valid user if not properly logged out can reset the uniqueID field.

Note: Using this implementation if a second user tries to login he will not be able to login. If he is a valid user he can always reset using step 5. If the user reset then the previous user will not receive any new data and will be redirected to login page